Oracle file permissions

Posted on 2006-04-20
Last Modified: 2013-12-27
A Security Readiness Review (SRR) script was run against our server's operating system and several STIG violations related to Oracle directories were found.
These files are listed below:

-rwsr-s--- 1 oracle dba 2986436 Mar 31 14:12 dbsnmp
-r-sr-s--- 1 oracle dba 11784 Oct 14 2004 oradism
-rwsr-s--x 1 oracle dba 65422428 Mar 31 16:53 oracle
-rwsr-s--x 1 oracle dba 65357392 Mar 31 14:13 oracleO
-rwSr----- 1 oracle dba 1536 Apr 12 01:06 orapwriacurw
-rwSr----- 1 oracle dba 1536 Apr 12 01:20 orapwriacutm

I am not familiar with how SUID and SGID work. Do these files have a sticky bit set on them? The security team says that the permissions are a sticky bit violation and that they need to be changed (i.e. remove the s). My concern is whether or not changing these permissions to satisfy them will cause certain processes not to run or break anything in Oracle. If these permission settings must remain this way then I have to supply a written justification. Can someone provide an explanation, guidance, and/or recommendation for this issue?
Question by:sikyala
    LVL 48

    Accepted Solution

    None of the files have a sticky bit set.

    If they had a sticky bit, it would look like:

    -rwsr-s--t 1 oracle dba 2986436 Mar 31 14:12 dbsnmp

    Sticky bits are most commonly used on directories.  /tmp is a prime example where its permissions are 1777 (drwxrwxrwt).  The sticky bit prevents users deleting files in /tmp that aren't owned by them even though there is group write permission.

    I really hope your security team knows the difference between sticky and suid and guid bits.

    Essentially the permissions allow any user who is in the 'dba' group to be able to access and run most (not all) things that the 'oracle' user can.  If you don't have any users in the dba group, then you could possibly change permissions
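The distinction drawn in the answer above, as an added example that is not part of the original thread: a small Python decoder for `ls -l` mode strings, run over the listing from the question, showing which special bits (setuid, setgid, sticky) each file carries. The function names are hypothetical; the listing is copied from the question.

```python
import stat

# Listing copied from the question above (file names and modes as posted).
LISTING = """\
-rwsr-s--- 1 oracle dba 2986436 Mar 31 14:12 dbsnmp
-r-sr-s--- 1 oracle dba 11784 Oct 14 2004 oradism
-rwsr-s--x 1 oracle dba 65422428 Mar 31 16:53 oracle
-rwsr-s--x 1 oracle dba 65357392 Mar 31 14:13 oracleO
-rwSr----- 1 oracle dba 1536 Apr 12 01:06 orapwriacurw
-rwSr----- 1 oracle dba 1536 Apr 12 01:20 orapwriacutm
"""

# Index into the nine permission characters -> (special bit, letter used by ls).
SPECIAL = {2: (stat.S_ISUID, "s"), 5: (stat.S_ISGID, "s"), 8: (stat.S_ISVTX, "t")}


def decode_mode(mode_str):
    """Convert an `ls -l` mode string such as '-rwsr-s--x' to permission bits."""
    if len(mode_str) != 10:
        raise ValueError(f"expected 10 characters, got {mode_str!r}")
    bits = 0
    for i, ch in enumerate(mode_str[1:]):
        perm = 0o400 >> i  # the r, w or x bit that belongs to this slot
        special, letter = SPECIAL.get(i, (0, None))
        if ch == "rwx"[i % 3]:
            bits |= perm
        elif letter and ch.lower() == letter:
            # lowercase s/t: special bit plus execute; uppercase S/T: special bit only
            bits |= special | (perm if ch.islower() else 0)
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} in {mode_str!r}")
    return bits


def special_bits(bits):
    """Name the special bits present in a mode."""
    names = ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"), (stat.S_ISVTX, "sticky"))
    return [name for bit, name in names if bits & bit]


def audit(listing):
    """Return (file name, octal mode, special bits) for each listing line."""
    rows = []
    for line in listing.splitlines():
        fields = line.split()
        bits = decode_mode(fields[0])
        rows.append((fields[-1], format(bits, "04o"), special_bits(bits)))
    return rows


if __name__ == "__main__":
    for name, octal, flags in audit(LISTING):
        print(f"{name:14} {octal}  {', '.join(flags)}")
```

The leading octal digit separates the three bits: 4 is setuid, 2 is setgid, 1 is sticky, so the answer's `-rwsr-s--t` example decodes to 7751 while the posted files decode to 6xxx or 4xxx.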
    LVL 38

    Assisted Solution

    -rwsr-s--x 1 oracle dba 65422428 Mar 31 16:53 oracle
    it is the correct permission.

    to make sure when oracle is running as user oracle and group dba.

    To learn more details about "SUID, SGID, and Sticky Bits", please read

    If a script or program has permissions like:
    -rwsr-s--x 1 root root  65422428 Mar 31 16:53 someapp

    then you need to pay attention to what someapp is for.
    LVL 38

    Expert Comment

    I can't see any valid reason to "Delete/NO refund" for this question.

    Our comments lead to the answer of the question.

    Have a nice weekend to all of you.

